TurnKey Linux Virtual Appliance Library

Help with setting up a Turnkey Drupal appliance to work both on and off (stand alone pc) my home network

I searched the forum before I asked this, but was not able to locate a similar question. I apologize if it has been asked. I am attempting to set up a Drupal appliance on VirtualBox. My objective is to be able to work on my projects on or off my home network. This would be using the same laptop, of course. I have no problem setting it up with DHCP, but, of course, this will not work when I am off the network. I was thinking I could set it up with 127.0.0.1, but I'm not sure if that would work or how I would configure the IP and gateway settings. I would think someone has to have successfully set up such a configuration. Is there anyone who can give me some suggestions? Also, if I set it up this way, my objective is to be able to access the same data no matter what the gateway is set to.
Jeremy's picture

Should be easy

Just give your VM 2 NICs. One can be set to DHCP (which will allow internet/LAN access via whatever gateway DHCP supplies). And one set with static IP that's 'Host only' (in VBox). Then you can connect direct from your lappy anytime, anywhere via the static 'Host only' one and get internet access and access from other PCs via the other one. If you plan to only use it for development and don't want to access your VM from anywhere other than your lappy you can make the DHCP one 'NAT' (VBox). That will still allow your VM internet access (for updates etc) but won't allow anyone else to connect.

Only catch is that one of them you will have to set up manually (confconsole only handles one NIC AFAIK). That shouldn't be too hard but I can't recall OTTOMH. Just remember TKL is based on Ubuntu 10.04/lucid server and Google will help you out! :)

I haven't tried this myself, but someone posted this suggestion some time ago (and no surprise you didn't find it - I remember the post and I still can't find it!) so let me know how you go with it.
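The manual part of the two-NIC setup described above, as an added example that is not part of the original post: a constructed `/etc/network/interfaces` for the appliance plus a small check that only one interface can supply a default route. The interface names (`eth0`, `eth1`), the address 192.168.56.10 and the 192.168.56.0/24 host-only network are assumptions; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Constructed /etc/network/interfaces for a two-NIC VM.
# Assumptions: eth0 = NAT or bridged adapter (DHCP), eth1 = host-only adapter,
# 192.168.56.0/24 = the host-only network configured in VirtualBox.
sample_interfaces() {
cat <<'EOF'
auto lo
iface lo inet loopback

# Adapter 1: NAT or bridged, address and default gateway come from DHCP
auto eth0
iface eth0 inet dhcp

# Adapter 2: host-only, static, deliberately no gateway line
auto eth1
iface eth1 inet static
    address 192.168.56.10
    netmask 255.255.255.0
EOF
}

# Print one "iface method gateway" line per stanza read from stdin
# ("-" when the stanza has no gateway line).
summarize_interfaces() {
    awk '
        function emit() { if (name != "") print name, method, (gw == "" ? "-" : gw) }
        $1 == "iface"   { emit(); name = $2; method = $4; gw = "" }
        $1 == "gateway" { gw = $2 }
        END             { emit() }
    '
}

# Succeed only if at most one interface can install a default route:
# each dhcp stanza and each stanza with a gateway line counts as one.
check_single_default_route() {
    n=$(summarize_interfaces | awk '$2 == "dhcp" || $3 != "-" { c++ } END { print c + 0 }')
    [ "$n" -le 1 ]
}

sample_interfaces | summarize_interfaces
sample_interfaces | check_single_default_route && echo "OK: one default route source"
```

Leaving the gateway off the host-only stanza keeps the VM's default route on the DHCP/NAT adapter, so the static address is reachable from the laptop whether or not the home network is present.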

No way it was that simple.

No way it was that simple. But it was. I hadn't seen the 4 tabs for 4 separate virtual NICs. I'm up and running.

Thanks for that timely reply.

I spent a day recently

I spent a day recently searching out the best ways to do virtual networking (topologies). NAT, host only, bridged, hybrids, VLANs, DMZ, etc. Confusing. Funny thing I read in forums and blogs about is do this, that and it will work. Not much thought going into the security from what I read. Just functionality, which I understand is all many want. Peeps think a firewall is all that's necessary. Maybe it's OK... I don't know yet. Slap a bunch of apps in a Vserver and open ports. Yikes. I didn't find one on how to do VN securely. Glad Jeremy's post worked though. Bridged is easiest, Matt, but the VMs are wide open w/o a software firewall inside the VM, and TKL's AFAIK has one in each through the OS layer... at least. 2 NICs on each real server... VMs on one subnet... phys machines on another through a managed switch is the minimum I'm doing if I can ever fig it out. Every VM looks like a real server (which it is) from the hacker's POV if it's all linked together haphazardly. Anything here on TKL VN security?


Jeremy's picture

Would be great to have more info here on securing appliances

I must admit that it is somewhat lacking (info on securing appliances, that is). A quick rule of thumb is to expose as little as possible and shut services that aren't being used (to reduce attack vectors). I.e. if you're not using Webmin, shut it down, likewise for Webshell, etc. Also using keys to access SSH makes it more secure (rather than a password). By having security updates auto installed by default TKL does make basic security a bit easier though.

Bottom line is though, that it is a constant tradeoff between security and usability. To completely secure a server - unplug it from the net! :)
